Sap Businessobjects_business_intelligence_platform

73 CVEs affecting Sap Businessobjects_business_intelligence_platform. Latest disclosed: 2026-02-10. Critical: 6, High: 21.

Top CVEs affecting Sap Businessobjects_business_intelligence_platform
CVESeverityScorePublishedSummary
CVE-2023-0018Critical10.02023-01-10Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an a…
CVE-2023-0022Critical9.92023-01-10SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the appli…
CVE-2020-6242Critical9.82020-05-12SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Managemen…
CVE-2020-6195Critical9.82020-04-14SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It in…
CVE-2020-26831Critical9.62020-12-09SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generati…
CVE-2020-6294Critical9.12020-08-12Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionaliti…
CVE-2022-35228High8.82022-07-12SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achi…
CVE-2020-6219High8.82020-04-14SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an atta…
CVE-2019-0398High8.82019-12-11Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to…
CVE-2025-0064High8.72025-02-11Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to gen…
CVE-2025-0061High8.72025-01-14SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interactio…
CVE-2023-42472High8.72023-09-12Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report c…
CVE-2023-0020High8.52023-02-14SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise res…
CVE-2023-24530High8.42023-02-14SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed…
CVE-2024-28165High8.12024-05-14 SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which c…
CVE-2022-28213High8.12022-04-12When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML docume…
CVE-2026-0490High7.52026-02-10SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication…
CVE-2026-0485High7.52026-02-10SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to c…
CVE-2022-27667High7.52022-04-12Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access infor…
CVE-2021-40500High7.52021-10-12SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations…